Direct Vulnerabilities

Known vulnerabilities in the kargo package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
GHSA-8xwf-rjm4-xvhv

<1.10.8-r2
  • L
CVE-2026-48978

<1.10.8-r2
  • L
CVE-2026-50162

<1.10.8-r2
  • L
CVE-2026-50151

<1.10.8-r2
  • L
GHSA-xf85-363p-868w

<1.10.8-r2
  • L
GHSA-jxpm-75mh-9fp7

<1.10.8-r2
  • L
GHSA-vh4v-2xq2-g5cg

<1.10.8-r2
  • L
Improper Input Validation

<1.10.8-r1
  • L
GHSA-cvxm-645q-p574

<1.10.8-r1
  • L
GHSA-33vj-92qq-66hc

<1.10.8-r1
  • L
CVE-2026-50195

<1.10.8-r1
  • L
Symlink Following

<1.10.8-r1
  • L
GHSA-rgh6-rfwx-v388

<1.10.8-r1
  • L
GHSA-5wrp-cwcj-q835

<1.10.8-r1
  • L
Uncontrolled Memory Allocation

<1.10.8-r1
  • L
GHSA-w879-237q-wc7r

<1.10.4-r3
  • L
GHSA-rm3j-f69w-wqmq

<1.10.4-r3
  • L
GHSA-q4h4-gmj2-qvw2

<1.10.4-r3
  • L
GHSA-89gr-r52h-f8rx

<1.10.4-r3
  • L
GHSA-jpcc-p29g-p8mq

<1.10.7-r1
  • L
CVE-2026-47262

<1.10.7-r1
  • L
GHSA-xhf5-7wjv-pqxp

<1.10.7-r1
  • L
Improper Input Validation

<1.10.7-r1
  • L
GHSA-vvgj-x9jq-8cj9

<1.10.5-r2
  • H
Allocation of Resources Without Limits or Throttling

<1.10.5-r2
  • L
Incorrect Type Conversion or Cast

<1.10.4-r3
  • L
Integer Overflow or Wraparound

<1.10.4-r3
  • L
Missing Authorization

<1.10.4-r3
  • L
Improper Verification of Cryptographic Signature

<1.10.4-r3
  • L
GHSA-fqw6-gf59-qr4w

<1.10.4-r2
  • L
Improper Privilege Management

<1.10.4-r2
  • L
GHSA-crhj-59gh-8x96

<1.10.4-r1
  • C
Improper Encoding or Escaping of Output

<1.10.4-r1
  • L
Directory Traversal

<1.10.4-r1
  • L
GHSA-m7cr-m3pv-hgrp

<1.10.4-r1
  • L
GHSA-389r-gv7p-r3rp

<1.10.3-r1
  • H
Incorrect Behavior Order: Validate Before Canonicalize

<1.10.3-r1
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<1.10.3-r0
  • H
Insufficiently Protected Credentials

<1.9.6-r3
  • L
GHSA-pc3f-x583-g7j2

<1.9.6-r2
  • L
GHSA-3xc5-wrhm-f963

<1.9.6-r3
  • L
Allocation of Resources Without Limits or Throttling

<1.9.6-r2
  • L
GHSA-mh2q-q3fh-2475

<1.9.6-r1
  • L
Allocation of Resources Without Limits or Throttling

<1.9.6-r1
  • L
GHSA-7mr4-xjxg-34g6

<1.10.5-r0
  • L
GHSA-5w89-2c2x-6x66

<1.10.5-r0
  • L
GHSA-gjvh-7jh8-7xhm

<1.10.5-r0
  • M
Allocation of Resources Without Limits or Throttling

<1.10.5-r0
  • H
Incorrect Authorization

<1.10.5-r0
  • L
CVE-2026-32280

<1.10.5-r0
  • H
Allocation of Resources Without Limits or Throttling

<1.10.5-r0
  • M
Cross-site Scripting (XSS)

<1.10.5-r0
  • H
Improper Certificate Validation

<1.10.5-r0
  • L
GHSA-jrg3-gfjw-hm96

<1.10.5-r0
  • L
GHSA-x4jj-h2v8-hqqv

<1.10.5-r0
  • L
GHSA-m4pr-4j3g-9v7v

<1.10.5-r0
  • L
Uncaught Exception

<1.9.5-r8
  • L
GHSA-78h2-9frx-2jm8

<1.9.5-r8
  • L
GHSA-jhf3-xxhw-2wpp

<1.9.5-r7
  • L
GHSA-gm2x-2g9h-ccm8

<1.9.5-r7
  • L
Improper Validation of Array Index

<1.9.5-r7
  • L
Integer Underflow

<1.9.5-r7
  • L
Improper Authorization

<1.9.5-r5
  • L
GHSA-p77j-4mvh-x3m3

<1.9.5-r5
  • L
Allocation of Resources Without Limits or Throttling

<1.9.5-r2
  • H
CVE-2025-15558

<1.9.5-r3
  • L
GHSA-p436-gjf2-799p

<1.9.5-r3
  • L
GHSA-g754-hx8w-x2g6

<1.9.5-r2
  • L
GHSA-47m2-4cr7-mhcw

<1.9.5-r1
  • L
Reachable Assertion

<1.9.5-r1
  • L
GHSA-h355-32pf-p2xm

<1.9.2-r1
  • L
Allocation of Resources Without Limits or Throttling

<1.8.4-r2
  • L
GHSA-93mq-9ffx-83m2

<1.3.1-r3
  • L
GHSA-6v2p-p543-phr9

<1.3.1-r3
  • L
GHSA-265r-hfxg-fhmg

<1.3.1-r3
  • L
Use of Uninitialized Resource

<1.7.2-r1
  • L
GHSA-r9px-m959-cxf4

<1.1.2-r1
  • L
GHSA-3whm-j4xm-rv8x

<1.2.2-r1
  • L
Allocation of Resources Without Limits or Throttling

<1.3.1-r3
  • L
GHSA-j7vj-rw65-4v26

<0.8.7-r1
  • L
Allocation of Resources Without Limits or Throttling

<1.7.2-r1
  • L
CVE-2025-58181

<1.8.3-r2
  • L
GHSA-hcg3-q754-cr77

<1.3.1-r1
  • L
Arbitrary Argument Injection

<1.1.2-r1
  • L
Resource Exhaustion

<1.1.2-r1
  • L
GHSA-37cx-329c-33x3

<1.9.3-r1
  • L
GHSA-j5w8-q4qc-rx2x

<1.8.3-r2
  • L
CVE-2025-22870

<1.3.1-r2
  • C
CVE-2025-68121

<1.9.2-r1
  • L
CVE-2025-61732

<1.9.2-r1
  • L
GHSA-c6gw-w398-hv78

<1.2.3-r1
  • L
CVE-2025-22866

<1.2.2-r1
  • L
CVE-2024-34155

<0.8.7-r1
  • L
GHSA-5mh9-3jwc-rp59

<1.8.4-r1
  • L
Improper Certificate Validation

<1.8.4-r1
  • L
Asymmetric Resource Consumption (Amplification)

<1.3.1-r4
  • M
Improper Validation of Integrity Check Value

<1.9.3-r1
  • L
GHSA-8jvr-vh7g-f8gx

<1.9.2-r1
  • L
GHSA-v725-9546-7q7m

<1.1.2-r1
  • L
GHSA-7c64-f9jr-v9h2

<1.8.4-r1
  • L
CVE-2024-34158

<0.8.7-r1
  • L
GHSA-w32m-9786-jp63

<1.1.1-r2
  • L
CVE-2025-47914

<1.8.3-r2
  • L
GHSA-v778-237x-gjrc

<1.1.1-r1
  • L
GHSA-crqm-pwhx-j97f

<0.8.7-r1
  • L
CVE-2025-22872

<1.4.2-r1
  • H
Integer Overflow or Wraparound

<1.3.1-r3
  • L
CVE-2024-45338

<1.1.1-r2
  • L
GHSA-qxp5-gwg8-xv66

<1.3.1-r2
  • M
Missing Initialization of Resource

<1.6.1-r2
  • H
Arbitrary Code Injection

<1.6.0-r1
  • L
GHSA-8xfx-rj4p-23jm

<0.8.7-r1
  • M
Memory Leak

<1.8.3-r1
  • H
Incorrect Execution-Assigned Permissions

<1.8.3-r1
  • L
GHSA-cfpf-hrx2-8rv6

<1.8.4-r2
  • L
GHSA-mh63-6h87-95cp

<1.3.1-r4
  • L
GHSA-m6hq-p25p-ffr2

<1.8.3-r1
  • L
Improper Certificate Validation

<1.8.4-r1
  • L
CVE-2025-22868

<1.3.1-r3
  • L
CVE-2024-34156

<0.8.7-r1
  • L
CVE-2025-22869

<1.3.1-r1
  • L
GHSA-f9f8-9pmf-xv68

<1.7.2-r1
  • L
CVE-2024-45337

<1.1.1-r1
  • L
Allocation of Resources Without Limits or Throttling

<1.2.3-r1
  • L
GHSA-f6x5-jh6r-wrfv

<1.8.3-r2
  • L
GHSA-pwhc-rpq9-4c8w

<1.8.3-r1
  • L
GHSA-vvgc-356p-c3xw

<1.4.2-r1
  • L
GHSA-557j-xg8c-q2mm

<1.6.0-r1
  • L
GHSA-9h84-qmv7-982p

<1.7.2-r1
  • L
GHSA-x4rx-4gw3-53p4

<1.6.1-r2
  • L
CVE-2024-41110

<0.8.1-r1
  • L
CVE-2024-24791

<0.7.1-r2
  • M
Information Exposure Through Log Files

<0.7.1-r1
  • M
CVE-2024-24789

<0.6.0-r3
  • C
CVE-2024-24790

<0.6.0-r3
  • L
CVE-2023-45288

<0.5.2-r1
  • H
Incorrect Resource Transfer Between Spheres

<0.4.4-r2
  • H
Origin Validation Error

<0.4.4-r2
  • L
CVE-2024-24786

<0.4.4-r1
  • L
CVE-2024-28180

<0.4.3-r2